Tom's Guide > Forum > Sécurité - Virus > trojan DNS

trojan DNS

Forum Sécurité - Virus : trojan DNS

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !

Contenu relatif
Actualités
Téléchargement

Voir tous les sujets correspondants à "trojan"

Créer un nouveau sujet Répondre

Bas de page Chercher dans ce sujet

Bonjour,
Depuis quelques jours, j'ai un DNS bizarre sur mon poste que je n'arrive pas du tout à l'enlever. j'ai fait plusieurs scan en ligne mais rien n'y fait.De l'aide STP. en tapant netstat, je trouve plusieurs connexionhttp et ftp.
Ci-dessous le rapport HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 14:10:57, on 20/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\dsniserver\bin\dsnisrv.exe
C:\WINDOWS\system32\Hummbird\inetd32.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\IBM\SMServer\AppServer\bin\wasservice.exe
C:\Program Files\c4ebreg\c4ebreg.exe
C:\Program Files\IBM\dsniserver\java\jre\bin\java.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\notes\ntmulti.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM\SMServer\AppServer\java\bin\java.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\c4ebreg\isamtray.exe
C:\WINDOWS\system32\tp4ex.exe
C:\WINDOWS\system32\tp4cross.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\soffice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\IBM\SMServer\wshelp\eclipse\jre\bin\java.exe
C:\Program Files\IBM\SMServer\wshelp\eclipse\jre\bin\javaw.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nslookup.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IBM\Sametime Connect\sametime.exe
C:\PROGRA~1\IBM\SAMETI~1\jre\bin\sametime75.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\H.Ghomri\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [defergui] csdwork/defergui.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\preload.exe C:\notes\data\workspace\.sodc\
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdlgu.exe] C:\WINDOWS\system32\kdlgu.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E2F0CA-6B5F-497D-A75A-29B5FC1A8B54}: NameServer = 85.255.112.86;85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A936BF6-6985-4DE3-A39D-BE29B5BED772}: NameServer = 85.255.112.86;85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1066F4-C2BF-43C8-8F8B-84DDC27BD23A}: NameServer = 85.255.112.86;85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{C38CB099-9C44-4214-B82A-CBC10F48FE88}: NameServer = 85.255.112.86;85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDDA77D1-FD59-409C-8B38-898E07E7EFC6}: NameServer = 85.255.112.86;85.255.112.189
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E2F0CA-6B5F-497D-A75A-29B5FC1A8B54}: NameServer = 85.255.112.86;85.255.112.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O18 - Protocol: x-zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\Program Files\Lenovo\HOTKEY\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM DS Network Interface Server (dsnisrv) - Unknown owner - C:\Program Files\IBM\dsniserver\bin\dsnisrv.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\system32\Hummbird\inetd32.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM WebSphere Application Server V5 - DS Storage Manager (IBMWAS5Service - DS Storage Manager) - Unknown owner - C:\Program Files\IBM\SMServer\AppServer\bin\wasservice.exe" "IBMWAS5Service - DS Storage Manager (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: IBM DS Storage Manager 10 Event Monitor (SMmonitor) - Unknown owner - C:\Program Files\IBM_DS4000\client\monitor\SMmonitor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Re-bonjour Angeldark,
Ci-joint le rapport après le nettoyage:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1414
Windows 5.1.2600 Service Pack 2

20/11/2008 18:43:38
mbam-log-2008-11-20 (18-43-38).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 179112
Temps écoulé: 27 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 30
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\ubervid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdlgu.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19e2f0ca-6b5f-497d-a75a-29b5fc1a8b54}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19e2f0ca-6b5f-497d-a75a-29b5fc1a8b54}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2a936bf6-6985-4de3-a39d-be29b5bed772}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2a936bf6-6985-4de3-a39d-be29b5bed772}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5e1066f4-c2bf-43c8-8f8b-84ddc27bd23a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5e1066f4-c2bf-43c8-8f8b-84ddc27bd23a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c38cb099-9c44-4214-b82a-cbc10f48fe88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c38cb099-9c44-4214-b82a-cbc10f48fe88}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{edda77d1-fd59-409c-8b38-898e07e7efc6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{edda77d1-fd59-409c-8b38-898e07e7efc6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{19e2f0ca-6b5f-497d-a75a-29b5fc1a8b54}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{19e2f0ca-6b5f-497d-a75a-29b5fc1a8b54}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2a936bf6-6985-4de3-a39d-be29b5bed772}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2a936bf6-6985-4de3-a39d-be29b5bed772}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5e1066f4-c2bf-43c8-8f8b-84ddc27bd23a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5e1066f4-c2bf-43c8-8f8b-84ddc27bd23a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c38cb099-9c44-4214-b82a-cbc10f48fe88}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c38cb099-9c44-4214-b82a-cbc10f48fe88}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{edda77d1-fd59-409c-8b38-898e07e7efc6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{edda77d1-fd59-409c-8b38-898e07e7efc6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{19e2f0ca-6b5f-497d-a75a-29b5fc1a8b54}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{19e2f0ca-6b5f-497d-a75a-29b5fc1a8b54}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2a936bf6-6985-4de3-a39d-be29b5bed772}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2a936bf6-6985-4de3-a39d-be29b5bed772}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5e1066f4-c2bf-43c8-8f8b-84ddc27bd23a}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5e1066f4-c2bf-43c8-8f8b-84ddc27bd23a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c38cb099-9c44-4214-b82a-cbc10f48fe88}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{edda77d1-fd59-409c-8b38-898e07e7efc6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{edda77d1-fd59-409c-8b38-898e07e7efc6}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.86;85.255.112.189 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\kdlgu.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\Temp\tmp4B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-1AF.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Répondre à user_80

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

bonjour,
Les DNS n'apparaissent plus.
ci-dessous le rapportr demandé:

Logfile of HijackThis v1.99.1
Scan saved at 20:52:54, on 21/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Hummbird\inetd32.exe
C:\WINDOWS\system32\cmd.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
C:\WINDOWS\system32\tp4ex.exe
C:\WINDOWS\system32\tp4cross.exe
C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\soffice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.2.200802132253\win32\x86\eclipse.exe
C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.SR6-200802132253\jre\bin\notes2w.exe
C:\notes\nlnotes.exe
C:\notes\ntaskldr.EXE
C:\notes\swiftsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\c4ebreg\isamtray.exe
C:\Program Files\c4ebreg\c4ebreg.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\H.Ghomri\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*.local
O1 - Hosts: 9.56.248.25 pokgsa.ibm.com
O1 - Hosts: 9.56.248.124 pokgsa-2.pok.ibm.com
O1 - Hosts: 9.56.248.16 pokxgsasd1.pok.ibm.com
O1 - Hosts: 9.56.248.17 pokxgsasd2.pok.ibm.com
O1 - Hosts: 9.56.248.233 pokxgsasd3.pok.ibm.com
O1 - Hosts: 9.56.248.130 pokxgsasd4.pok.ibm.com
O1 - Hosts: 9.56.248.18 pokxgsasd5.pok.ibm.com
O1 - Hosts: 9.56.248.80 pokxgsasd6.pok.ibm.com
O1 - Hosts: 9.56.248.47 pokxgsasd7.pok.ibm.com
O1 - Hosts: 9.56.248.22 pokxgsasd8.pok.ibm.com
O1 - Hosts: 9.56.248.254 pokxgsatm1.pok.ibm.com
O1 - Hosts: 9.56.248.23 pokxgsatm2.pok.ibm.com
O1 - Hosts: 9.56.248.20 pok3552n1c1.pok.ibm.com
O1 - Hosts: 9.56.248.21 pok3552n1c2.pok.ibm.com
O1 - Hosts: 9.56.248.192 pokrgsabso3.pok.ibm.com
O1 - Hosts: 9.56.248.193 pokrgsabso4.pok.ibm.com
O1 - Hosts: 9.56.248.194 pokrgsabso5.pok.ibm.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [defergui] csdwork/defergui.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\preload.exe C:\notes\data\workspace\.sodc\
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdlgu.exe] C:\WINDOWS\system32\kdlgu.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O18 - Protocol: x-zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\Program Files\Lenovo\HOTKEY\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM DS Network Interface Server (dsnisrv) - Unknown owner - C:\Program Files\IBM\dsniserver\bin\dsnisrv.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\system32\Hummbird\inetd32.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM WebSphere Application Server V5 - DS Storage Manager (IBMWAS5Service - DS Storage Manager) - Unknown owner - C:\Program Files\IBM\SMServer\AppServer\bin\wasservice.exe" "IBMWAS5Service - DS Storage Manager (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: IBM DS Storage Manager 10 Event Monitor (SMmonitor) - Unknown owner - C:\Program Files\IBM_DS4000\client\monitor\SMmonitor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Répondre à user_80

Re,

Télécharge R-Hosts.exe (de S!ri)
Lance R-Hosts puis clique sur "Restaurer".
Valide la modification en appuyant sur OK.

&

! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

Télécharge ComboFix (sUBs) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Bonjour,
Le rapport conbofix.txt:

ComboFix 08-11-21.05 - H.Ghomri 2008-11-22 13:27:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1870 [GMT 0:00]
Lancé depuis: c:\documents and settings\H.Ghomri\Desktop\post forum\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
c:\windows\system32\chmod.exe
c:\windows\system32\dc.exe
c:\windows\system32\dd.exe
c:\windows\system32\gunzip.exe
c:\windows\system32\head.exe
c:\windows\system32\install.exe
c:\windows\system32\ln.exe
c:\windows\system32\pr.exe
c:\windows\system32\tar.exe
c:\windows\system32\test.exe
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-22 au 2008-11-22 ))))))))))))))))))))))))))))))))))))
.

2008-11-20 18:09 . 2008-11-20 18:09 <DIR> d-------- c:\documents and settings\H.Ghomri\Application Data\Malwarebytes
2008-11-20 18:09 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-20 18:08 . 2008-11-20 18:08 <DIR> d-------- c:\program files\POST_FORUM
2008-11-20 18:08 . 2008-11-20 18:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-20 18:08 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-19 23:51 . 2008-11-20 01:55 <DIR> d-------- c:\program files\a-squared Free
2008-11-19 23:28 . 2008-11-20 02:47 <DIR> d-------- C:\SDFix
2008-11-19 23:24 . 2008-11-19 23:24 <DIR> d-------- C:\VundoFix Backups
2008-11-19 23:05 . 2008-11-19 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\AGNS
2008-11-19 10:13 . 2008-11-19 11:31 <DIR> d-------- c:\documents and settings\H.Ghomri\dscli
2008-11-14 21:12 . 2008-11-14 21:12 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-14 15:29 . 2008-11-14 15:29 418 --a------ c:\windows\Exceed.mif
2008-11-14 15:25 . 2008-11-14 15:28 <DIR> d-------- c:\windows\system32\Hummbird
2008-11-14 15:25 . 2008-11-14 17:21 <DIR> d-------- c:\program files\Exceed.nt
2008-11-14 10:50 . 2008-07-15 05:39 186 --------- c:\windows\DScli_win_reg_entry.reg
2008-11-14 10:50 . 2004-07-19 20:20 159 --------- c:\windows\DScli_win_reg_entry_uninst.reg
2008-11-14 10:48 . 2004-07-08 00:25 61,440 --------- c:\windows\system32\IBMJavaPlugin142.cpl
2008-11-14 10:39 . 2008-11-14 10:39 <DIR> d-------- c:\program files\PuTTY
2008-11-14 10:36 . 2008-11-14 10:50 3,693 --a------ c:\windows\vpd.properties
2008-11-13 11:11 . 2008-11-13 11:12 <DIR> d-------- c:\program files\TS3310LibraryServiceUtility
2008-11-13 09:54 . 2008-11-13 09:54 <DIR> d-------- c:\windows\Sun
2008-11-10 11:31 . 2008-11-10 11:31 <DIR> d-------- c:\program files\Java
2008-11-10 11:31 . 2008-11-10 11:31 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-10 11:31 . 2008-11-10 11:31 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-08 23:31 . 2008-11-08 23:31 25 --a------ c:\windows\cdplayer.ini
2008-11-05 16:46 . 2001-08-17 13:48 17,664 --a------ c:\windows\system32\drivers\sermouse.sys
2008-11-05 16:46 . 2001-08-17 13:48 17,664 --a--c--- c:\windows\system32\dllcache\sermouse.sys
2008-10-30 23:11 . 2008-11-02 17:01 <DIR> d-------- C:\dictionary
2008-10-27 14:02 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-10-27 14:02 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-10-27 14:02 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-10-27 14:02 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-10-27 14:02 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-10-27 14:02 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-10-27 14:02 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-10-27 14:02 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-10-27 10:44 . 2008-10-27 10:44 <DIR> d-------- c:\documents and settings\H.Ghomri\Application Data\IBMERS
2008-10-27 10:43 . 2008-10-27 10:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\IBMERS
2008-10-26 16:06 . 2003-01-20 20:34 40,960 --a------ c:\windows\system32\SMEventLog.dll
2008-10-24 21:32 . 2008-11-21 15:33 57,560 --a------ c:\documents and settings\H.Ghomri\Application Data\GDIPFONTCACHEV1.DAT
2008-10-22 19:23 . 2005-11-08 09:27 11,520 --a------ c:\windows\system32\drivers\ANC.sys
2008-10-22 19:23 . 2007-04-02 11:24 4,224 --a------ c:\windows\system32\drivers\IBMBLDID.sys
2008-10-22 13:44 . 2008-10-22 13:44 <DIR> d-------- c:\program files\Your Company Name
2008-10-22 13:42 . 2008-05-28 18:42 58,726,580 --a------ c:\temp\core43.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 13:33 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-11-22 13:33 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-11-21 13:04 --------- d-----w c:\program files\WST
2008-11-21 13:03 --------- d-----w c:\program files\C4ebreg
2008-11-21 08:34 --------- d-----w c:\program files\AT&T Network Client
2008-11-21 08:32 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-20 14:29 --------- d-----w c:\program files\AT&T Network Client Install
2008-11-20 14:05 --------- d-----w c:\program files\Access Manager
2008-11-20 02:20 --------- d-----w c:\program files\UnxUtils
2008-11-17 16:06 --------- d-----w c:\documents and settings\H.Ghomri\Application Data\FileZilla
2008-11-14 10:49 --------- d-----w c:\program files\IBM
2008-11-14 10:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 13:33 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-26 16:07 --------- d-----w c:\program files\IBM_DS4000
2008-10-26 14:42 --------- d-----w c:\documents and settings\H.Ghomri\Application Data\VMware
2008-10-20 10:20 --------- d-----w c:\program files\IBM Ayudame
2008-10-18 23:50 --------- d-----w c:\documents and settings\H.Ghomri\Application Data\Apple Computer
2008-10-16 20:42 --------- d-----w c:\program files\ActualtestsEngine
2008-10-16 20:42 --------- d-----w c:\documents and settings\H.Ghomri\Application Data\FileOpen
2008-10-16 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\FileOpen
2008-10-14 14:54 --------- d-----w c:\program files\Internet Mobile
2008-10-14 07:40 --------- d--h--w c:\program files\Zero G Registry
2008-10-14 07:40 --------- d-----w c:\program files\DSMDrivers
2008-10-13 21:58 --------- d-----w c:\program files\FileZilla FTP Client
2008-10-12 17:30 --------- d-----w c:\program files\My Company Name
2008-10-12 12:50 --------- d-----w c:\documents and settings\H.Ghomri\Application Data\dvdcss
2008-10-11 23:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-10 23:40 --------- d-----w c:\documents and settings\H.Ghomri\Application Data\vlc
2008-10-10 22:58 --------- d-----w c:\program files\Real
2008-10-10 22:58 --------- d-----w c:\program files\Common Files\xing shared
2008-10-10 22:58 --------- d-----w c:\program files\Common Files\Real
2008-10-10 22:21 --------- d-----w c:\program files\VMware Workstation
2008-10-10 22:19 --------- d-----w c:\program files\Common Files\VMware
2008-10-10 21:40 --------- d-----w c:\program files\iTunes
2008-10-10 21:40 --------- d-----w c:\program files\iPod
2008-10-10 21:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-10 21:39 --------- d-----w c:\program files\QuickTime
2008-10-10 21:39 --------- d-----w c:\program files\Bonjour
2008-10-10 21:38 --------- d-----w c:\program files\Common Files\Apple
2008-10-10 21:38 --------- d-----w c:\program files\Apple Software Update
2008-10-10 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-10 20:26 --------- d-----w c:\documents and settings\H.Ghomri\Application Data\Talkback
2008-10-10 20:25 --------- d-----w c:\program files\VLC
2008-10-10 20:21 --------- d-----w c:\program files\IZArc
2008-10-10 20:07 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-10 20:06 64,752 ----a-w c:\windows\isamunin.exe
2008-10-10 20:04 --------- d-----w c:\program files\Windows Live
2008-10-10 20:04 --------- d-----w c:\program files\Ghostscript
2008-10-10 20:03 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-10 19:55 --------- d-----w c:\program files\Common Files\Ahead
2008-10-10 19:55 --------- d-----w c:\program files\Ahead
2008-10-10 19:36 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-10 18:41 --------- d-----w c:\program files\lmcinst
2008-10-10 18:41 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2008-10-10 18:32 --------- d-----w c:\program files\ThinkPad
2008-10-10 18:28 --------- d-----w c:\program files\Lenovo
2008-10-10 18:23 --------- d-----w c:\program files\Synaptics
2008-10-10 18:22 --------- d-----w c:\program files\Intel
2008-10-10 18:18 --------- d-----w c:\program files\CONEXANT
2008-10-10 18:18 --------- d-----w c:\program files\Analog Devices
2008-10-10 17:56 59,904 ------w C:\ospreg.exe
1999-03-08 17:06 389,632 ----a-w c:\program files\captureEcran.exe
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="c:\program files\AT&T Network Client\NetSP.exe" [2007-01-13 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ISAM SMT Service"="c:\program files\C4ebreg\isamsmt.exe" [N/A]
"stgclean"="c:\sdwork\w32main2.exe" [2008-10-10 272384]
"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2005-09-06 28672]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 125168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-15 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-15 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 294912]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"ipmcmu"="c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe" [2008-10-12 204800]
"MyHelpService"="c:\program files\IBM\My Help\workspace\service\delayStart.exe" [2008-03-19 94208]
"pmonmh"="c:\program files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe" [2008-03-19 184371]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2008-10-10 210944]
"C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2008-10-10 408816]
"Isamtray"="c:\program files\c4ebreg\isamtray.exe" [2008-10-10 265456]
"SODCPreLoad"="c:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\preload.exe" [2008-10-12 40960]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"c:\windows\system32\kdlgu.exe"="c:\windows\system32\kdlgu.exe" [N/A]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe]
"defergui"="csdwork/defergui.exe" [2008-10-23 c:\sdwork\defergui.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]
"TrackPointSrv"="tp4serv.exe" [2005-07-13 c:\windows\system32\tp4serv.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [2003-04-08 32768]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 14:52 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
2005-09-06 09:07 53248 c:\program files\IBM\Personal Communications\atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2005-09-06 18:43 49152 c:\windows\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Infoprint Select Notification.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Infoprint Select Notification.lnk
backup=c:\windows\pss\Infoprint Select Notification.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Network Print Information Frontend.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Network Print Information Frontend.lnk
backup=c:\windows\pss\Network Print Information Frontend.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pageant.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\pageant.exe.lnk
backup=c:\windows\pss\pageant.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
c:\program files\Thinkvantage Fingerprint Software\launcher.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-10 22:58 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-10-16 19504]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2008-10-22 11520]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-10-10 4442]
R2 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\DRIVERS\agnwifi.sys [2004-04-29 19328]
R2 AppnApi;AppnApi;c:\windows\system32\drivers\appnapi.sys [2005-09-06 120192]
R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);c:\program files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [2008-10-27 53248]
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;c:\windows\system32\DRIVERS\llc2.sys [2005-09-06 101408]
R2 ISAMSvc;IBM Standard Asset Manager Service;"c:\program files\c4ebreg\c4ebreg.exe" [2008-10-10 408816]
R2 NsTrcNT;NsTrcNT;c:\windows\system32\drivers\nstrcnt.sys [2005-09-06 12028]
R2 pdlnctdl;Twinax CUT Adapter;c:\windows\system32\drivers\pdlnctdl.sys [2005-09-06 12288]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);c:\windows\system32\drivers\pdlndldl.sys [2005-09-06 59392]
R3 agnfilt;AGN Filter Interface;c:\windows\system32\DRIVERS\agnfilt.sys [2006-05-19 180864]
R3 Anydlc;Anydlc;c:\windows\system32\drivers\anydlc.sys [2005-09-06 38236]
R3 Appn;Appn;c:\windows\system32\drivers\appn.sys [2005-09-06 1286560]
R3 AppnBase;AppnBase;c:\windows\system32\drivers\AppnBase.sys [2005-09-06 195872]
R3 KLOGNT;KLOGNT;c:\windows\system32\drivers\klognt.sys [2005-09-06 24588]
R3 pdlnacom;PDLC Adapter -- COM;c:\windows\system32\drivers\pdlnacom.sys [2005-09-06 75200]
R3 pdlnafac;PDLC Adapter Factory;c:\windows\system32\drivers\pdlnafac.sys [2005-09-06 36048]
R3 pdlnatcm;Twinax Adapter Common;c:\windows\system32\drivers\pdlnatcm.sys [2005-09-06 20480]
R3 pdlnatdl;Twinax Adapter;c:\windows\system32\drivers\pdlnatdl.sys [2005-09-06 18432]
R3 pdlncbas;PDLC CxM Classes;c:\windows\system32\drivers\pdlncbas.sys [2005-09-06 6784]
R3 pdlncfwk;PDLC Connection Manager;c:\windows\system32\drivers\pdlncfwk.sys [2005-09-06 160288]
R3 pdlndint;PDLC DLC Classes;c:\windows\system32\drivers\pdlndint.sys [2005-09-06 12800]
R3 pdlndlpb;PDLC LAPB;c:\windows\system32\drivers\pdlndlpb.sys [2005-09-06 70144]
R3 pdlndoem;PDLC OEM Interface;c:\windows\system32\drivers\pdlndoem.sys [2005-09-06 18944]
R3 pdlndqll;PDLC QLLC;c:\windows\system32\drivers\pdlndqll.sys [2005-09-06 53248]
R3 pdlndsdl;PDLC SDLC;c:\windows\system32\drivers\pdlndsdl.sys [2005-09-06 67072]
R3 pdlndtdl;Twinax DLC;c:\windows\system32\drivers\pdlndtdl.sys [2005-09-06 51712]
R3 pdlnebas;PDLC Environment;c:\windows\system32\drivers\pdlnebas.sys [2005-09-06 8608]
R3 pdlnecfg;PDLC Configuration;c:\windows\system32\drivers\pdlnecfg.sys [2005-09-06 50336]
R3 pdlnemap;PDLC Mapper;c:\windows\system32\drivers\pdlnemap.sys [2005-09-06 67184]
R3 pdlnemsg;PDLC Message Driver;c:\windows\system32\drivers\pdlnemsg.sys [2005-09-06 12768]
R3 pdlnepkt;PDLC Buffer Manager;c:\windows\system32\drivers\pdlnepkt.sys [2005-09-06 19984]
R3 pdlnshay;PDLC Hayes At signalling;c:\windows\system32\drivers\pdlnshay.sys [2005-09-06 59504]
R3 pdlnslea;PDLC SDLC Leased;c:\windows\system32\drivers\pdlnslea.sys [2005-09-06 22384]
R3 pdlnsv25;PDLC V25bis signalling;c:\windows\system32\drivers\pdlnsv25.sys [2005-09-06 54416]
R3 pdlnsx25;PDLC X.25;c:\windows\system32\drivers\pdlnsx25.sys [2005-09-06 58432]
S2 MyHelp;My Help;c:\program files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe []
S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\DRIVERS\avpnnic.sys [2003-04-04 13952]
S3 dsnisrv;IBM DS Network Interface Server;"c:\program files\IBM\dsniserver\bin\dsnisrv.exe" [2008-11-14 208953]
S3 IBMWAS5Service - DS Storage Manager;IBM WebSphere Application Server V5 - DS Storage Manager;"c:\program files\IBM\SMServer\AppServer\bin\wasservice.exe" "IBMWAS5Service - DS Storage Manager" [2008-11-14 49152]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-14 27904]
S3 SMmonitor;IBM DS Storage Manager 10 Event Monitor;c:\program files\IBM_DS4000\client\monitor\SMmonitor.exe [2008-10-14 69632]
S3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84259a71-99ff-11dd-9acf-00197e351ee1}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8dfe855-9bbe-11dd-9ad0-00197e351ee1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.
Contenu du dossier 'Tâches planifiées'

2008-11-19 c:\windows\Tasks\At1.job
- c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2008-10-12 17:48]

2008-11-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-11 00:00]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\H.Ghomri\Application Data\Mozilla\Firefox\Profiles\rwpvnzv7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\nphclx.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 13:34:27
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\drivers\trcboot.exe
c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
c:\program files\a-squared Free\a2service.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\Hummbird\inetd32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\notes\ntmulti.exe
c:\program files\AT&T Network Client\NetCfgSv.EXE
c:\program files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\VMware Workstation\vmware-authd.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\drivers\ldlcserv.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
c:\windows\system32\ntvdm.exe
c:\windows\system32\tp4cross.exe
c:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\soffice.exe
.
**************************************************************************
.
Heure de fin: 2008-11-22 13:38:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-22 13:38:23

Avant-CF: 44 659 621 888 bytes free
Après-CF: 45,809,188,864 bytes free

367

Répondre à user_80

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Le rapport Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 10:26:14, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Hummbird\inetd32.exe
C:\Program Files\c4ebreg\c4ebreg.exe
C:\WINDOWS\system32\cmd.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
C:\Program Files\c4ebreg\isamtray.exe
C:\WINDOWS\system32\tp4ex.exe
C:\WINDOWS\system32\tp4cross.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\soffice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.2.200802132253\win32\x86\eclipse.exe
C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.SR6-200802132253\jre\bin\notes2w.exe
C:\notes\nlnotes.exe
C:\notes\ntaskldr.EXE
C:\notes\swiftsrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\H.Ghomri\Desktop\post forum\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [defergui] csdwork/defergui.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\preload.exe C:\notes\data\workspace\.sodc\
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdlgu.exe] C:\WINDOWS\system32\kdlgu.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O18 - Protocol: x-zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\Program Files\Lenovo\HOTKEY\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM DS Network Interface Server (dsnisrv) - Unknown owner - C:\Program Files\IBM\dsniserver\bin\dsnisrv.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\system32\Hummbird\inetd32.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM WebSphere Application Server V5 - DS Storage Manager (IBMWAS5Service - DS Storage Manager) - Unknown owner - C:\Program Files\IBM\SMServer\AppServer\bin\wasservice.exe" "IBMWAS5Service - DS Storage Manager (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: IBM DS Storage Manager 10 Event Monitor (SMmonitor) - Unknown owner - C:\Program Files\IBM_DS4000\client\monitor\SMmonitor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Répondre à user_80

Re,

Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O18 - Protocol: asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: x-asp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-hsp - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O18 - Protocol: x-zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O18 - Protocol: zip - {8D32BA61-D15B-11D4-894B-000000000000} - C:\WINDOWS\system32\hsppp.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

j'ai fixé les lignes demandées.
le nouveau rapport Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 17:19:16, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Hummbird\inetd32.exe
C:\Program Files\c4ebreg\c4ebreg.exe
C:\WINDOWS\system32\cmd.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
C:\Program Files\c4ebreg\isamtray.exe
C:\WINDOWS\system32\tp4ex.exe
C:\WINDOWS\system32\tp4cross.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\soffice.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.1.2.200802132253\win32\x86\eclipse.exe
C:\notes\framework\rcp\eclipse\plugins\com.ibm.rcp.j2se.win32.x86_1.5.0.SR6-200802132253\jre\bin\notes2w.exe
C:\notes\nlnotes.exe
C:\notes\ntaskldr.EXE
C:\notes\swiftsrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AT&T Network Client\NetClient.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Documents and Settings\H.Ghomri\Desktop\post forum\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [defergui] csdwork/defergui.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080625-1707\preload.exe C:\notes\data\workspace\.sodc\
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdlgu.exe] C:\WINDOWS\system32\kdlgu.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1066F4-C2BF-43C8-8F8B-84DDC27BD23A}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E1066F4-C2BF-43C8-8F8B-84DDC27BD23A}: NameServer = 9.64.162.21,9.64.163.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: tpfnf2 - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\Program Files\Lenovo\HOTKEY\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM DS Network Interface Server (dsnisrv) - Unknown owner - C:\Program Files\IBM\dsniserver\bin\dsnisrv.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\system32\Hummbird\inetd32.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IBM WebSphere Application Server V5 - DS Storage Manager (IBMWAS5Service - DS Storage Manager) - Unknown owner - C:\Program Files\IBM\SMServer\AppServer\bin\wasservice.exe" "IBMWAS5Service - DS Storage Manager (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: IBM DS Storage Manager 10 Event Monitor (SMmonitor) - Unknown owner - C:\Program Files\IBM_DS4000\client\monitor\SMmonitor.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Répondre à user_80

Tu as encore des problèmes ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

non plus de probleme.
Merci bcp pour ton aide.

Répondre à user_80

Bon surf.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
Répondre à Angeldark

Créer un nouveau sujet Répondre

Tom's Guide > Forum > Sécurité - Virus > trojan DNS

Aller à :

Aide |
Règles du forum

Il y a 678 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Contenu relatif

Voir tous les contenus correspondants à "trojan"

Page générée en 0,412 secondes

Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler

Liens